We Claim: 

1. A security device for connecting a host computer from a host
bus to a computer network, the security device comprising a local
bus, a network interface connecting said local bus to the computer
network, and a two-port memory device connecting said local bus to
the host bus.

2. The security device of claim 1, wherein the two-port memory
device has two bus interfaces, a first interface for communicating
with the host bus and a second interface for communicating with the
local bus.

3. The security device of claim 2, wherein information to be
passed between the host bus and the local bus can not be
simultaneously located on the first interface and the second
interface.

4. The security device of claim 2, wherein information to be
transmitted from a sending host to a receiving host is written from
the host bus to the first interface, then read from the first
interface to the second interface.

5. The security device of claim 1, wherein the two-port memory
device comprises a two-port RAM.




6. The security device of claim 1, further comprising an internal
system memory connected to said local bus for storing information
for said firmware and said interface.

7. The security device of claim 1, further comprising a cipher
unit connected to the local bus.

8. The security device of claim 1, further comprising an
authentication interface unit for authenticating a computer user.



9. The security device of claim 1, wherein said interface
comprises a network coprocessor.

10. The security device of claim 1, wherein the network comprises
a local area, Ethernet or token ring network.

11. The security device of claim 1, further comprising a central
processing unit for implementing firmware.

12. The security device of claim 1, wherein security is
implemented at a network layer of protocol hierarchy.



13. A method for controlling a sending computer to transmit
information to a receiving computer over a computer network, the
method comprising:

receiving the information to be transmitted to the receiving
computer from the sending computer;

implementing security mechanisms to determine whether
communication is authorized from the sending computer to the
receiving computer and, if not, then terminating the transmission
of information and, if so, then encrypting the information to be
transmitted; and,

transmitting the encrypted information to the receiving
computer over the computer network.



14. The method of claim 13, wherein the step of implementing
security mechanisms comprises the steps of determining if the
receiving computer is in a transmit list and consistent with a
transmit security window and, if both conditions are not satisfied
then terminating the transmission of information, otherwise
encrypting the information to be transmitted.



15. The method of claim 14, wherein the steps of determining if
the receiving computer is in a transmit list and consistent with a
transmit security window comprise the steps of performing
discretionary access control and mandatory access control,
respectively.

16. The method of claim 13, further comprising the step of
generating an audit in addition to terminating the flow of
information.

17. The method of claim 13, wherein security is implemented at a
network layer of protocol hierarchy.

18. The method of claim 13, the method being implemented by
security devices, one security device connected to each one of the
sending computer and the receiving computer.



19. A method for controlling a receiving computer to receive
information transmitted from a transmitting computer over a
computer network, the method comprising:

receiving the information to be received by the receiving
computer from the computer network;

implementing security mechanisms to determine whether
communication is authorized from the sending computer to the
receiving computer and, if not, then terminating the transmission
of information and, if so, then decrypting the information to be
received; and,

transmitting the decrypted information to the receiving
computer for reception thereof.

20. The method of claim 19, wherein the step of implementing
security mechanisms comprises the steps of determining if the
transmitting computer is in a receive list and consistent with a
receive security window and, if both conditions are not satisfied
then terminating the transmission of information, otherwise
decrypting the information to be received.



21. The method of claim 20, wherein the steps of determining if
the transmitting computer is in a receive list and consistent with
a receive security window comprise the steps of performing
discretionary access control and mandatory access control,
respectively.

22. The method of claim 19, further comprising the step of
generating an audit in addition to terminating the flow of
information.

23. The method of claim 19, wherein security is implemented at a
network layer of protocol hierarchy.

24. The method of claim 19, the method being implemented by
security devices, one security device connected to each one of the
sending computer and the receiving computer.
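The transmit-side method of claims 13 to 18 and its receive-side mirror in claims 19 to 24, worked through as an added example. This is not code from the patent: the claims name a transmit/receive list (discretionary access control), a transmit/receive security window (mandatory access control), termination with an audit record, and a cipher unit, but say nothing about list formats, how security levels are encoded, or which cipher is used. The host names, the numeric security levels in LEVELS, the pre-shared key, the closed-range window, the counter nonce and the HMAC-SHA256 keystream standing in for the cipher unit are all assumptions made here so that both devices can be run offline.

```python
from __future__ import annotations
from dataclasses import dataclass, field
import hashlib
import hmac
import struct

# Constructed sample data (assumptions, not from the claims): the security
# level of each host, as a network security controller might distribute it,
# and one pre-shared key for the whole trusted network.
LEVELS = {"alice-host": 2, "bob-host": 2, "carol-host": 5}
SHARED_KEY = b"example-key-distributed-by-nsc"


@dataclass(frozen=True)
class SecurityWindow:
    """Closed range of security levels a host may communicate with (the MAC check)."""
    low: int
    high: int

    def permits(self, level: int) -> bool:
        return self.low <= level <= self.high


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the claims' cipher unit: XOR with an HMAC-SHA256 keystream in
    counter mode. Symmetric, so the same call decrypts. Illustrative only; a real
    device would use a vetted AEAD so that frames are also integrity-protected."""
    out = bytearray()
    for blk in range((len(data) + 31) // 32):
        ks = hmac.new(key, nonce + struct.pack(">I", blk), hashlib.sha256).digest()
        chunk = data[blk * 32:(blk + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


@dataclass
class SecurityDevice:
    """One device sits in front of each host (claims 18 and 24)."""
    host: str
    transmit_list: frozenset[str]     # DAC for outbound traffic (claims 14/15)
    transmit_window: SecurityWindow   # MAC for outbound traffic
    receive_list: frozenset[str]      # DAC for inbound traffic (claims 20/21)
    receive_window: SecurityWindow    # MAC for inbound traffic
    key: bytes = SHARED_KEY
    audit: list[str] = field(default_factory=list)
    seq: int = 0                      # nonce counter for the keystream

    def _authorized(self, direction: str, peer: str, allowed: frozenset[str],
                    window: SecurityWindow) -> bool:
        """Both checks must pass (claim 14); a failure terminates the flow and
        generates an audit record (claims 16 and 22)."""
        if peer not in allowed:
            self.audit.append(f"{direction} denied {self.host}<->{peer}: not in {direction} list")
            return False
        level = LEVELS.get(peer)
        if level is None or not window.permits(level):
            self.audit.append(f"{direction} denied {self.host}<->{peer}: level {level} "
                              f"outside window {window.low}..{window.high}")
            return False
        return True

    def transmit(self, receiver: str, plaintext: bytes) -> bytes | None:
        """Claim 13: check policy, then encrypt and hand the frame to the network,
        or return None when the transmission is terminated."""
        if not self._authorized("transmit", receiver, self.transmit_list, self.transmit_window):
            return None
        self.seq += 1
        nonce = struct.pack(">Q", self.seq)
        return nonce + keystream_xor(self.key, nonce, plaintext)

    def receive(self, sender: str, frame: bytes) -> bytes | None:
        """Claim 19: the receiving device re-checks policy before decrypting."""
        if not self._authorized("receive", sender, self.receive_list, self.receive_window):
            return None
        nonce, body = frame[:8], frame[8:]
        return keystream_xor(self.key, nonce, body)


def demo() -> dict:
    """Two devices, one per host; returns what each step produced."""
    alice = SecurityDevice("alice-host",
                           frozenset({"bob-host", "carol-host"}), SecurityWindow(1, 3),
                           frozenset({"bob-host"}), SecurityWindow(1, 3))
    bob = SecurityDevice("bob-host",
                         frozenset({"alice-host"}), SecurityWindow(1, 3),
                         frozenset({"alice-host"}), SecurityWindow(1, 3))
    frame = alice.transmit("bob-host", b"budget figures")
    return {
        "frame": frame,
        "bob_gets": bob.receive("alice-host", frame) if frame else None,
        "bob_from_carol": bob.receive("carol-host", frame) if frame else None,  # receive-list denial
        "to_carol": alice.transmit("carol-host", b"x"),   # in list, but level 5 is outside 1..3
        "to_dave": alice.transmit("dave-host", b"x"),     # not in transmit list
        "alice_audit": list(alice.audit),
        "bob_audit": list(bob.audit),
    }
```

The point the two-sided run makes is that each device enforces its own list and window independently: a frame that Alice's device was willing to send is still dropped and audited by Bob's device when the sender is not on Bob's receive list, so neither endpoint has to trust the other's policy.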
25. A secure network having a plurality of host computers
accessible to users and connected to a network medium that has
access to an untrusted line, the secure network comprising:

a network security controller for enabling a security officer
to generate at least one user profile for each user, each user
profile defining at least one destination which the user is
authorized to access; and,

security devices connected to the network medium for receiving
the user profiles generated at the network security controller,
each security device associated with one host computer, each
security device having an authorization device for authorizing
users at the associated host computer, the security device
permitting the authorized user, via the associated host computer,
to select a user's profile associated with the user and for
restricting access of the host computer to the at least one
destination defined in the selected user's profile.

26. The network of claim 25, wherein the at least one destination
comprises at least one other host computer of the network or the
untrusted line.

27. The network of claim 25, the security device implementing
security mechanisms when the host computer connects to a trusted
destination.

28. The network of claim 25, the security device not implementing
security mechanisms when the host computer connects to an untrusted
destination.

29. The network of claim 25, wherein the untrusted line comprises
the Internet.

30. The network of claim 25, wherein a user cannot simultaneously
communicate with a trusted destination and an untrusted
destination.

31. The network of claim 25, wherein a user is prevented from
simultaneously connecting to destinations having different security
levels.

32. The network of claim 25, wherein a user can only select one
profile at a time.

33. The network of claim 25, wherein the user profiles define
virtual private networks of communication comprising subsets of
host computers.

34. The network of claim 25, wherein security is implemented at a
network layer of protocol hierarchy.




35. The network of claim 25, wherein at least one user profile has
only one destination.

36. The network of claim 25, wherein the destination in a user's
profile corresponds to a level of security granted the user.

37. The network of claim 25, wherein the security devices are
integrated with the associated host computer.

38. A method for operating a network having a plurality of host
computers accessible to users and connected to a network medium
that has access to an untrusted line, the method comprising:

generating at least one user profile for each user, each user
profile defining at least one destination which the user is
authorized to access;

authorizing a user at a host computer;

determining, at the host computer, the at least one user
profile associated with the authorized user;

permitting, at the host computer, the authorized user to
select a user's profile associated with the user; and

restricting access of the host computer to the at least one
destination defined in the selected user's profile.





39. The method of claim 38, wherein the at least one destination
comprises at least one other host computer of the network or the
untrusted line.

40. The method of claim 38, further comprising the step of
implementing a security mechanism when the host computer connects
to a trusted destination.

41. The method of claim 38, further comprising the step of not
implementing security mechanisms when the host computer connects to
an untrusted destination.

42. The method of claim 38, wherein the untrusted line comprises
the Internet.

43. The method of claim 38, wherein a user cannot simultaneously
communicate with a trusted destination and an untrusted
destination.

44. The method of claim 38, wherein a user is prevented from
simultaneously connecting to destinations having different security
levels.

45. The method of claim 38, wherein a user can only select one
profile at a time.

46. The method of claim 38, wherein the user profiles define
virtual private networks of communication comprising subsets of
host computers.

47. The method of claim 38, wherein security is implemented at a
network layer of protocol hierarchy.

48. The method of claim 38, wherein at least one user profile has
only one destination.

49. The method of claim 38, wherein the destination in a user's
profile corresponds to a level of security granted the user.

50. A multi-level secure network having a plurality of host
computers accessible to users and connected to a network medium
that has access to an untrusted line, the secure network comprising
a security device coupled between at least one host computer and
the network medium which operates at a network layer communications
protocol and a network security controller for controlling the
security device to establish connections to the network medium.

51. The multi-level secure network of claim 50, wherein the
network security controller audits events.

52. The multi-level secure network of claim 50, wherein the
security device prevents simultaneous connection to a trusted line
and an untrusted line.

53. The multi-level secure network of claim 50, wherein the
security device prevents simultaneous connection between lines of
different security levels.
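The profile model of claims 25 to 37, its method form in claims 38 to 49, and the controller and simultaneous-connection rules of claims 50 to 53, worked through as an added example. This is not code from the patent and invents what the claims leave open: user authentication is modelled as a constant-time comparison of a pre-shared secret, the untrusted line is represented as a destination with no security level, trusted destinations carry an integer level, "one profile at a time" is implemented by dropping open connections when the user switches profile, and the security mechanism applied to trusted destinations is reported as a mode string rather than performed. The user, host and destination names are constructed sample data.

```python
from __future__ import annotations
from dataclasses import dataclass
import hmac


@dataclass(frozen=True)
class Destination:
    name: str
    level: int | None      # None marks the untrusted line (claims 29/42); an int is a trusted host level


@dataclass(frozen=True)
class Profile:
    """A user profile: the destinations the user may reach (claim 25)."""
    name: str
    destinations: frozenset[Destination]

    def find(self, name: str) -> Destination | None:
        return next((d for d in self.destinations if d.name == name), None)


class NetworkSecurityController:
    """The security officer's console: holds per-user profiles and the audit log (claim 51)."""
    def __init__(self) -> None:
        self.profiles: dict[str, dict[str, Profile]] = {}
        self.audit: list[str] = []

    def define_profile(self, user: str, profile: Profile) -> None:
        self.profiles.setdefault(user, {})[profile.name] = profile

    def profiles_for(self, user: str) -> dict[str, Profile]:
        return dict(self.profiles.get(user, {}))


class SecurityDevice:
    """One device per host; lets an authorized user pick one profile and enforces it."""
    def __init__(self, host: str, nsc: NetworkSecurityController, secrets: dict[str, bytes]) -> None:
        self.host, self.nsc, self.secrets = host, nsc, secrets   # secrets: assumed pre-shared credentials
        self.user: str | None = None
        self.profile: Profile | None = None
        self.open: dict[str, Destination] = {}

    def _log(self, msg: str) -> None:
        self.nsc.audit.append(f"{self.host}: {msg}")

    def login(self, user: str, secret: bytes) -> bool:
        """The authorization device of claim 25; any login resets profile and connections."""
        expected = self.secrets.get(user)
        ok = expected is not None and hmac.compare_digest(expected, secret)
        self._log(f"login {user} {'ok' if ok else 'failed'}")
        self.user = user if ok else None
        self.profile, self.open = None, {}
        return ok

    def select_profile(self, name: str) -> bool:
        """Claims 32/45: one profile at a time. Switching drops open connections (assumption)."""
        if self.user is None:
            return False
        profile = self.nsc.profiles_for(self.user).get(name)
        if profile is None:
            self._log(f"profile {name!r} not defined for {self.user}")
            return False
        self.profile, self.open = profile, {}
        self._log(f"{self.user} selected profile {name!r}")
        return True

    def connect(self, dest_name: str) -> str:
        """Returns 'secured', 'cleartext' or 'denied'."""
        if self.profile is None:
            return self._deny(dest_name, "no authorized user or selected profile")
        dest = self.profile.find(dest_name)
        if dest is None:                                          # claim 25: only profile destinations
            return self._deny(dest_name, f"not in profile {self.profile.name!r}")
        for other in self.open.values():                          # claims 30/31 and 52/53
            if other.level != dest.level:
                return self._deny(dest_name, f"{other.name} is open at level {other.level}, "
                                             f"request is level {dest.level}")
        self.open[dest.name] = dest
        mode = "cleartext" if dest.level is None else "secured"  # claims 27/28 and 40/41
        self._log(f"connect {dest.name} ({mode})")
        return mode

    def disconnect(self, dest_name: str) -> None:
        self.open.pop(dest_name, None)

    def _deny(self, dest_name: str, reason: str) -> str:
        self._log(f"deny {dest_name}: {reason}")
        return "denied"


def demo() -> list[str]:
    """Runs one user through the rules and returns the outcome of each step."""
    nsc = NetworkSecurityController()
    fin_db, hr = Destination("finance-db", 3), Destination("hr-server", 3)
    wiki, inet = Destination("public-wiki", 1), Destination("internet", None)
    nsc.define_profile("alice", Profile("finance", frozenset({fin_db, hr})))
    nsc.define_profile("alice", Profile("web", frozenset({inet, wiki})))
    nsc.define_profile("alice", Profile("mixed", frozenset({fin_db, wiki})))
    dev = SecurityDevice("alice-host", nsc, {"alice": b"correct horse"})
    out = [str(dev.login("alice", b"wrong")),
           dev.connect("finance-db"),                 # denied: nobody is logged in
           str(dev.login("alice", b"correct horse")),
           str(dev.select_profile("finance")),
           dev.connect("finance-db"),                 # secured
           dev.connect("hr-server"),                  # secured: same level as the open connection
           dev.connect("internet"),                   # denied: not in the selected profile
           str(dev.select_profile("web")),
           dev.connect("internet"),                   # cleartext: untrusted line, no mechanisms
           dev.connect("public-wiki"),                # denied: trusted while the untrusted line is open
           str(dev.select_profile("mixed")),
           dev.connect("finance-db"),                 # secured
           dev.connect("public-wiki")]                # denied: level 1 while a level-3 link is open
    dev.disconnect("finance-db")
    out.append(dev.connect("public-wiki"))            # secured once the level-3 link is closed
    return out
```

Note what the controller never learns and the device never asks: whether the chosen destination is reachable or what it contains. The enforcement is purely on the identity and level of the far end, which is why the claims can place it at the network layer and keep it out of the host's own software.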